Former2 CLI

The Former2 CLI allows you to use the former2.com tool directly from your command line.

CAUTION: The Former2 CLI is experimental. Use at your own risk.

Install

npm install -g former2

Or build the Docker image if Node.js is not installed in your environment:

docker build https://github.com/iann0036/former2.git#master:cli -t iann0036/former2:latest

Usage

Former2 will load AWS credentials from your local credentials file, environment variables or other available sources, following the default precedence. It is recommended that you grant these credentials read access only; assigning the ReadOnlyAccess policy is suggested.

generate

The generate command will generate one or multiple outputs from all discovered resources and write them to the filename specified.

former2 generate \
  --output-cloudformation "cloudformation.yml" \
  --output-terraform "terraform.hcl" \
  --output-raw-data "debug.json" \
  --search-filter "myapp" \
  --exclude-services "CloudWatch,KMS" \
  --sort-output

When using the Docker image:

docker run --rm -t -v `pwd`:/former2 -v ~/.aws:/root/.aws \
iann0036/former2:latest generate \
  --output-cloudformation "cloudformation.yml" \
  --output-terraform "terraform.hcl" \
  --search-filter "myapp" \
  --exclude-services "CloudWatch,KMS" \
  --sort-output

Options

At least one of the options starting with --output should be specified.

Options:
  --output-cloudformation <filename>     filename for CloudFormation output
  --output-terraform <filename>          filename for Terraform output
  --output-raw-data <filename>           filename for debug output (full)
  --output-logical-id-mapping <filename> filename for logical to physical id mapping
  --cfn-deletion-policy <Delete|Retain>  add DeletionPolicy in CloudFormation output
  --search-filter <value>                search filter for discovered resources ('or search' can be comma separated, 'and search' can be '&' separated.)
  --regex-filter <value>                 regexp filter for discovered resources to include in the output
  --services <value>                     list of services to include (can be comma separated (default: ALL))
  --exclude-services <value>             list of services to exclude (can be comma separated)
  --sort-output                          sort resources by their ID before outputting
  --include-default-resources            include default resources such as default VPCs and their subnets
  --region <regionname>                  overrides the default AWS region to scan
  --profile <profilename>                uses the profile specified from the shared credentials file
  --proxy <protocol://host:port>         use proxy
  --debug                                log debugging messages
  -h, --help                             output usage information

Service Names

Below is a list of services for use with the --services and --exclude-services arguments:

  • 1Click
  • APIGateway
  • AmazonMQ
  • Amplify
  • Analytics
  • AppConfig
  • AppFlow
  • AppMesh
  • AppStream
  • AppSync
  • Athena
  • AuditManager
  • AutoScaling
  • Backup
  • Batch
  • Budgets
  • CertificateManager
  • Cloud9
  • CloudFront
  • CloudHSM
  • CloudMap
  • CloudTrail
  • CloudWatch
  • CodeArtifact
  • CodeBuild
  • CodeCommit
  • CodeDeploy
  • CodeGuru
  • CodePipeline
  • CodeStar
  • Cognito
  • Config
  • Core
  • CostExplorer
  • DataBrew
  • DataPipeline
  • DataSync
  • DatabaseMigrationService
  • Detective
  • DevOpsGuru
  • DeviceFarm
  • DirectConnect
  • DirectoryService
  • DocumentDB
  • DynamoDB
  • EC2
  • EC2ImageBuilder
  • ECR
  • ECS
  • EFS
  • EKS
  • EMR
  • ElastiCache
  • ElasticBeanstalk
  • ElasticTranscoder
  • Elasticsearch
  • EventBridge
  • Events
  • FSx
  • GameLift
  • Glacier
  • GlobalAccelerator
  • Glue
  • Greengrass
  • GroundStation
  • GuardDuty
  • IAM
  • Inspector
  • InteractiveVideoService
  • KMS
  • Kendra
  • Kinesis
  • LakeFormation
  • Lambda
  • Lex
  • LicenseManager
  • Lightsail
  • LookoutForVision
  • MSK
  • Macie
  • ManagedApacheAirflow
  • ManagedBlockchain
  • MediaConnect
  • MediaConvert
  • MediaLive
  • MediaPackage
  • MediaStore
  • Neptune
  • OpsWorks
  • Organizations
  • Pinpoint
  • QLDB
  • QuickSight
  • RDS
  • Redshift
  • ResourceAccessManager
  • ResourceGroups
  • RoboMaker
  • Route53
  • S3
  • SES
  • SNS
  • SQS
  • SWF
  • SageMaker
  • SecretsManager
  • SecurityHub
  • ServiceCatalog
  • ServiceQuotas
  • Signer
  • SimpleDB
  • SingleSignOn
  • SiteWise
  • StepFunctions
  • StorageGateway
  • SystemsManager
  • ThingsGraph
  • Timestream
  • Transfer
  • VPC
  • WAFAndShield
  • WorkLink
  • WorkSpaces
  • XRay

Filtering examples

Generate CloudFormation output for Lambda and IAM only.

former2 generate --services "Lambda,IAM" --output-cloudformation "cfn.yaml"

Generate CloudFormation output for all services excluding CloudWatch and KMS.

former2 generate --output-cloudformation "cfn.yaml" --exclude-services "CloudWatch,KMS"

Generate Terraform output only for the resources that contain "myapp" in Names, Tags, etc. Filtering is done by checking whether the JSON responses of the AWS SDK calls contain the specified string.

former2 generate --output-terraform "tf.hcl" --search-filter "myapp"

Generate CloudFormation output for EC2, excluding instances with volumes/ENIs.

former2 generate --output-cloudformation "cfn.yaml" --services EC2 --regex-filter '"f2type":(?!"(ec2.instance|ec2.volume|ec2.networkinterface))'

filter

The filter command uses the raw data output saved from a previous generate run to produce the outputs, instead of querying the cloud every time you need to change the filter.

The use case that inspired this command was producing an EC2 CFN file without instances and volumes, because autoscaling groups take care of launching instances.

former2 filter \
  --output-cloudformation "cloudformation.yml" \
  --input-file "debug.json" \
  --regex-filter '"f2type":(?!"(ec2.instance|elbv2.loadbalancerlistenercertificate|ec2.volume|ec2.networkinterface))' \
  --sort-output
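
How the negative-lookahead pattern used with --regex-filter above selects resources, as an added example that is not part of the Former2 code base. It assumes the pattern is tested against the JSON text of each resource record; the sample records, the tightened pattern and the type name "ec2.instancefleet" are constructed for illustration.

```javascript
// Added example, not Former2 code. Assumption: the filter pattern is tested
// against the JSON text of each discovered resource record.
const readmePattern =
  '"f2type":(?!"(ec2.instance|ec2.volume|ec2.networkinterface))';
// Tightened variant: literal dots, and the closing quote ends the type name.
const strictPattern =
  '"f2type":(?!"(ec2\\.instance|ec2\\.volume|ec2\\.networkinterface)")';

// Constructed records; "ec2.instancefleet" is a hypothetical type name used
// only to show that the README pattern matches on a prefix.
const sampleResources = [
  { f2type: 'ec2.instance', id: 'constructed-1' },
  { f2type: 'ec2.volume', id: 'constructed-2' },
  { f2type: 'ec2.securitygroup', id: 'constructed-3' },
  { f2type: 'ec2.instancefleet', id: 'constructed-4' },
  { id: 'constructed-5' }, // no f2type key: an include filter never matches it
];

// Return the f2type of every record the pattern keeps.
function keptTypes(pattern, resources) {
  const re = new RegExp(pattern);
  return resources
    .filter((r) => re.test(JSON.stringify(r)))
    .map((r) => r.f2type || '(none)');
}

console.log(keptTypes(readmePattern, sampleResources));
console.log(keptTypes(strictPattern, sampleResources));
```

Without the closing quote inside the lookahead, any type name that merely starts with an excluded name is dropped as well, so review the output for resources that went missing unintentionally.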

Security

Calls to the AWS service API endpoints are made directly with the JavaScript SDK. Recording data is kept entirely in memory or on local disk and is never sent over the internet or anywhere else. You should take care to remove any sensitive data (passwords etc.) when sharing your generated code/templates with others.
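
One way to check a generated template for embedded secrets before sharing it, as an added example that is not part of Former2. The key-name heuristics and the sample template are constructed; it flags literal values under secret-looking keys and skips values that only reference a parameter or a secret store.

```javascript
// Added example, not Former2 code. Key-name heuristics are an assumption;
// extend them for your environment.
const SECRET_KEY = /(password|passwd|secret|token|api[_-]?key|private[_-]?key)/i;
// Values that point at a parameter or secret store instead of embedding data.
const INDIRECT = /^(!Ref\b|!Sub\b|!GetAtt\b|\{\{resolve:)/;
// "key: value" (CloudFormation YAML) or "key = value" (Terraform HCL).
const KEY_VALUE = /^\s*(?:-\s*)?["']?([\w.-]+)["']?\s*[:=]\s*(.+?)\s*$/;

// Return [{ line, key }] for each literal value stored under a secret-like key.
function findLiteralSecrets(templateText) {
  const findings = [];
  templateText.split(/\r?\n/).forEach((text, idx) => {
    const m = text.match(KEY_VALUE);
    if (!m) return;
    const key = m[1];
    const value = m[2].replace(/^["']|["']$/g, '');
    if (!SECRET_KEY.test(key) || value === '' || INDIRECT.test(value)) return;
    findings.push({ line: idx + 1, key }); // the value itself is never echoed
  });
  return findings;
}

// Constructed sample template; none of these values are real.
const sampleTemplate = [
  'Resources:',
  '  RDSDBInstance:',
  '    Type: "AWS::RDS::DBInstance"',
  '    Properties:',
  '      MasterUsername: "admin"',
  '      MasterUserPassword: "constructed-example-pw"',
  '  LambdaFunction:',
  '    Type: "AWS::Lambda::Function"',
  '    Properties:',
  '      Environment:',
  '        Variables:',
  '          API_TOKEN: "constructed-token-value"',
  '          DB_PASSWORD: "{{resolve:secretsmanager:constructed/name}}"',
  '          STAGE: "prod"',
].join('\n');

console.log(findLiteralSecrets(sampleTemplate));
```

A key-name scan misses secrets stored under neutral names or inside multi-line blocks such as user data scripts, so treat a clean result as a first pass rather than proof the file is safe to share.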